Angelo Martino pleads guilty to participating in ransomware attacks
Updated
Updated · The Wall Street Journal · Apr 24
Angelo Martino pleads guilty to participating in ransomware attacks
10 articles · Updated · The Wall Street Journal · Apr 24
Martino, a 41-year-old cyber-incident responder, admitted providing insider information to BlackCat affiliates, enabling ransom payments exceeding $20 million from companies in multiple industries.
The Justice Department seized $10 million in assets from Martino, who worked for a legitimate U.S. incident-response firm. Two accomplices pleaded guilty last year; all face up to 20 years in prison.
The case highlights the risks of trusting third-party responders with sensitive data during crises, as insider-assisted breaches cost companies nearly $5 million on average and often lack regulatory oversight.
Did the negotiator's $75M scheme help fund BlackCat's massive healthcare system attack?
With accomplices' sentencing next week, will more cybersecurity insiders be exposed?
After a negotiator's betrayal, how can companies ever truly trust their cybersecurity crisis teams?
Should the U.S. government now regulate ransomware negotiators like financial advisors?
How will cyber insurance policies change now that negotiators are a proven insider threat?
Could audited AI bots replace human negotiators to prevent this type of insider fraud?
$75 Million Ransom Toll Exposed: How Insider Angelo Martino Enabled BlackCat Attacks
Overview
In 2023, Angelo Martino, a ransomware negotiator at DigitalMint, betrayed his role by leaking sensitive victim information to the BlackCat ransomware group, enabling tailored ransom demands that led five U.S. organizations to pay over $75 million. Martino and his co-conspirators deployed attacks causing severe operational disruptions, including a massive breach at Change Healthcare affecting 193 million records. The scheme went undetected due to conflicts of interest and lack of oversight within DigitalMint. Following investigations, Martino pleaded guilty in 2026, surrendered, and faced asset seizures and sentencing. This case exposed critical insider threat risks, prompting DigitalMint and the cybersecurity industry to implement stronger controls, while law enforcement intensified efforts to combat such insider-enabled ransomware crimes.